Roxen.git / server / modules / filesystems / filesystem.pike

version» Context lines:

Roxen.git/server/modules/filesystems/filesystem.pike:1:   // This is a roxen module. Copyright © 1996 - 2001, Roxen IS.      // This is a virtual "file-system".   // It will be located somewhere in the name-space of the server.   // Also inherited by some of the other filesystems.      inherit "module";   inherit "socket";    - constant cvs_version= "$Id: filesystem.pike,v 1.138 2004/05/13 12:33:34 mast Exp $"; + constant cvs_version= "$Id: filesystem.pike,v 1.139 2004/05/13 16:04:47 grubba Exp $";   constant thread_safe=1;      #include <module.h>   #include <roxen.h>   #include <stat.h>   #include <request_trace.h>         //<locale-token project="mod_filesystem">LOCALE</locale-token>   #define LOCALE(X,Y) _DEF_LOCALE("mod_filesystem",X,Y)
Roxen.git/server/modules/filesystems/filesystem.pike:365:   {    if(f[0]=='.' && !dotfiles) return 0;    if(!tilde && Roxen.backup_extension(f)) return 0;    return 1;   }      array(string) list_lock_files() {    return query("nobrowse");   }    + static mapping(string:mixed)|int(0..1) write_access(string path, +  int(0..1) recursive, +  RequestID id) + { +  SIMPLE_TRACE_ENTER(this, "write_access(%O, %O, %O)\n", path, recursive, id); +  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { +  SIMPLE_TRACE_LEAVE("%s: Authentication required.", id->method); +  // FIXME: Sane realm. +  // FIXME: Recursion and htaccess? +  return +  Roxen.http_auth_required("foo", +  sprintf("<h1>Permission to '%s' denied</h1>", +  id->method)); +  } +  TRACE_LEAVE("Fall back to the default write access checks."); +  return ::write_access(path, recursive, id); + } +    array find_dir( string f, RequestID id )   {    array dir;       FILESYSTEM_WERR("find_dir for \""+f+"\"" +    (id->misc->internal_get ? " (internal)" : ""));       object privs;    SETUID_NT("Read dir");   
Roxen.git/server/modules/filesystems/filesystem.pike:628:    if (size != -1) {    TRACE_LEAVE(sprintf("%s failed. Directory name already exists. ",    id->method));    if (id->method == "MKCOL") {    return Roxen.http_status(405,    "Collection already exists.");    }    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE(sprintf("%s: Permission denied", id->method)); -  // FIXME: Sane realm. -  return Roxen.http_auth_required("foo", -  sprintf("<h1>Permission to '%s' denied</h1>", -  id->method)); -  } -  +     // Disallow if the name is locked, or if the parent directory is locked.    mapping(string:mixed) ret = write_access(coll, 0, id) ||    write_access(combine_path(coll, ".."), 0, id);    if (ret) return ret;       mkdirs++;    object privs;    SETUID_TRACE("Creating directory/collection", 0);       if (query("no_symlinks") && (contains_symlinks(path, coll))) {
Roxen.git/server/modules/filesystems/filesystem.pike:859:    if (size != -1) {    TRACE_LEAVE(sprintf("%s failed. Directory name already exists. ",    id->method));    if (id->method == "MKCOL") {    return Roxen.http_status(405,    "Collection already exists.");    }    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE(sprintf("%s: Permission denied", id->method)); -  // FIXME: Sane realm. -  return Roxen.http_auth_required("foo", -  sprintf("<h1>Permission to '%s' denied</h1>", -  id->method)); +  if (mapping(string:mixed) ret = write_access(oldf, 0, id)) { +  TRACE_LEAVE("MKCOL: Write access denied."); +  return ret;    } -  +     mkdirs++;    SETUID_TRACE("Creating directory/collection", 0);       if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    privs = 0;    errors++;    report_error(LOCALE(46,"Creation of %O failed. Permission denied.\n"),    oldf);    TRACE_LEAVE(sprintf("%s: Contains symlinks. Permission denied",    id->method));
Roxen.git/server/modules/filesystems/filesystem.pike:930:    TRACE_LEAVE("PUT disallowed");    return 0;    }       if (FILTER_INTERNAL_FILE (f, id)) {    id->misc->error_code = 405;    TRACE_LEAVE("PUT of internal file is disallowed");    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE("PUT: Permission denied"); -  // FIXME: Sane realm. -  return Roxen.http_auth_required("foo", -  "<h1>Permission to 'PUT' files denied</h1>"); -  } -  +     if (mapping(string:mixed) ret = write_access(oldf, 0, id)) {    TRACE_LEAVE("PUT: Locked");    return ret;    }       puts++;       QUOTA_WERR("Checking quota.\n");    if (id->misc->quota_obj && (id->misc->len > 0) &&    !id->misc->quota_obj->check_quota(URI, id->misc->len)) {
Roxen.git/server/modules/filesystems/filesystem.pike:1051:    TRACE_LEAVE("CHMOD disallowed (since PUT is disallowed)");    return 0;    }       if (FILTER_INTERNAL_FILE (f, id)) {    id->misc->error_code = 405;    TRACE_LEAVE("CHMOD of internal file is disallowed");    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE("CHMOD: Permission denied"); -  // FIXME: Sane realm. -  return Roxen.http_auth_required("foo", -  "<h1>Permission to 'CHMOD' files denied</h1>"); -  } -  +     if (mapping(string:mixed) ret = write_access(oldf, 0, id)) {    TRACE_LEAVE("CHMOD: Locked");    return ret;    }       SETUID_TRACE("CHMODing file", 0);       if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    privs = 0;    errors++;
Roxen.git/server/modules/filesystems/filesystem.pike:1119:    return 0;    }       if(size < -1)    {    id->misc->error_code = 405;    TRACE_LEAVE("MV: Cannot overwrite directory");    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE("MV: Permission denied"); -  // FIXME: Sane realm. -  return Roxen.http_auth_required("foo", -  "<h1>Permission to 'MV' files denied</h1>"); -  } +     string movefrom;    if(!id->misc->move_from ||    !has_prefix(id->misc->move_from, mountpoint) ||    !(movefrom = id->conf->real_file(id->misc->move_from, id))) {    id->misc->error_code = 405;    errors++;    TRACE_LEAVE("MV: No source file");    return 0;    }   
Roxen.git/server/modules/filesystems/filesystem.pike:1203:    TRACE_LEAVE("MOVE disallowed (since PUT is disallowed)");    return 0;    }    if(size == -1)    {    id->misc->error_code = 404;    TRACE_LEAVE("MOVE failed (no such file)");    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE("MOVE: Permission denied"); -  // FIXME: Sane realm. -  return Roxen.http_auth_required("foo", -  "<h1>Permission to 'MOVE' files denied</h1>"); -  } -  +     string new_uri = id->misc["new-uri"] || "";    if (new_uri == "") {    id->misc->error_code = 405;    errors++;    TRACE_LEAVE("MOVE: No dest file");    return 0;    }       // FIXME: The code below doesn't allow for this module being overloaded.    if (!has_prefix(new_uri, mountpoint)) {
Roxen.git/server/modules/filesystems/filesystem.pike:1334:    TRACE_LEAVE("DELETE: Disabled");    return 0;    }       if (FILTER_INTERNAL_FILE (f, id)) {    id->misc->error_code = 405;    TRACE_LEAVE("DELETE of internal file is disallowed");    return 0;    }    -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE("DELETE: Permission denied"); -  return Roxen.http_status(403, "Permission to DELETE file denied"); -  } -  +     if (query("no_symlinks") && (contains_symlinks(path, oldf))) {    errors++;    report_error(LOCALE(48,"Deletion of %s failed. Permission denied.\n"),f);    TRACE_LEAVE("DELETE: Contains symlinks");    return Roxen.http_status(403, "Permission denied.");    }       if ((size < 0) &&    (String.trim_whites(id->request_headers->depth||"infinity") !=    "infinity")) {
Roxen.git/server/modules/filesystems/filesystem.pike:1454:    SIMPLE_TRACE_ENTER(this, "COPY: Copy %O to %O.", source, dest);    Stat source_st = stat_file(source, id);    if (!source_st) {    TRACE_LEAVE("COPY: Source doesn't exist.");    return Roxen.http_status(404, "File not found.");    }    if (!query("put")) {    TRACE_LEAVE("COPY: Put not allowed.");    return Roxen.http_status(405, "Not allowed.");    } -  if(query("check_auth") && (!id->conf->authenticate( id ) ) ) { -  TRACE_LEAVE("COPY: Authentication required."); -  return -  // FIXME: Sane realm. -  Roxen.http_auth_required("foo", -  sprintf("<h1>Permission to 'COPY' denied</h1>", -  id->method)); -  } +     mapping|int(0..1) res = write_access(combine_path(dest, "../"), 0, id);    if (mappingp(res)) return res;    string dest_path = path + dest;    catch { dest_path = decode_path(dest_path); };    if (query("no_symlinks") && (contains_symlinks(path, dest_path))) {    errors++;    report_error(LOCALE(46,"Copy to %O failed. Permission denied.\n"),    dest);    TRACE_LEAVE("COPY: Contains symlinks. Permission denied");    return Roxen.http_status(403, "Permission denied.");